Chapter 2
Why Security is Needed
Our bad neighbor makes us early stirrers, Which is both healthful and good husbandry.
WILLIAM SHAKESPEARE (1564–1616),
KING HENRY, IN HENRY V, ACT 4, SC. 1, L. 6-7.
Fred Chin, CEO of sequential label and supply, leaned back in his leather chair and propped his feet up on the long mahogany table in the conference room where the SLS
Board of Directors had just adjourned their quarterly meeting.
“What do you think about our computer security problem?” he asked Gladys Williams, the company’s chief information officer, or CIO. He was referring to last month’s outbreak of a malicious worm on the company’s computer network.
Gladys replied, “I think we have a real problem, and we need to put together a real solution, not just a quick patch like the last time.” Eighteen months ago, the network had been infected by an employee’s personal USB drive. To prevent this from happening again, all users in the company were banned from using USB drives.
Fred wasn’t convinced. “Can’t we just add another thousand dollars to the next training budget?”
Gladys shook her head. “You’ve known for some time now that this business runs on technology. That’s why you hired me as CIO. I have some experience at other firms and I’ve been researching information security, and my staff and I have some ideas to discuss with you. I’ve asked Charlie Moody to come in today to talk about it. He’s waiting to speak with us.”
When Charlie joined the meeting Fred said, “Hello, Charlie. As you know, the Board of Directors met today. They received a report on the expenses and lost production from the worm outbreak last month, and they directed us to improve the security of our technology.
Gladys says you can help me understand what we need to do about it.”
“To start with,” Charlie said, “instead of setting up a computer security solution, we need to develop an information security program. We need a thorough review of our policies and practices, and we need to establish an ongoing risk management program. There are some other things that are part of the process as well, but these would be a good start.”